protonfile-auth 1.6.4 → 1.6.5

package/README.md

@@ -1,18 +1,22 @@
-# protonfile-auth
-
-Authentication and authorization solution initially built for Protonfile but usable for any modern app. It was created as an Auth0 replacement for Protonfile.
-
-## How does it work?
-
-protonfile-auth works with the traditional JWT access and refresh token model, refresh tokens are long-lived (currently hard-coded to 7 days) and access tokens are short-lived and new ones can be obtained with the refresh token.
-
-An Express middleware is exposed, which can be used to verify the users' access token before allowing them to access a resource.
-
-Refresh token versions are stored in the database, which enables token rotation. It also allows for an instant session revocation by the user, which in turn blocks any access token issuing for that session.
-
-## Disadvantages
-
-protonfile-auth is in no means a perfect authentication solution, there are some known issues. This module was built to have a complete control over the authentication process but it surely can't compete with solutions like OAuth. **If you are building a professional application you should use more tested solutions than this**.
-
-- JWT is not advised as a session token because it's self contained with no central autority that can invalidate it. This is solved in protonfile-auth by saving those tokens in a database and removing them once a session is expired.
-- **Session/access token clutter**: there were some bad decisions during the developement which introduced the session tokens. Sessions are a nice way of knowing on which devices a user is authenticated, but it can be solved without having 2 tokens.
+# protonfile-auth
+
+Authentication and authorization solution initially built for Protonfile but usable for any modern app. It was created as an Auth0 replacement for Protonfile.
+
+## How does it work?
+
+protonfile-auth works with the traditional JWT access and refresh token model, refresh tokens are long-lived (currently hard-coded to 7 days) and access tokens are short-lived and new ones can be obtained with the refresh token.
+
+An Express middleware is exposed, which can be used to verify the users' access token before allowing them to access a resource.
+
+Refresh token versions are stored in the database, which enables token rotation. It also allows for an instant session revocation by the user, which in turn blocks any access token issuing for that session.
+
+## Disadvantages
+
+protonfile-auth is in no means a perfect authentication solution, there are some known issues. This module was built to have a complete control over the authentication process but it surely can't compete with solutions like OAuth. **If you are building a professional application you should use more tested solutions than this**.
+
+- JWT is not advised as a session token because it's self contained with no central autority that can invalidate it. This is solved in protonfile-auth by saving those tokens in a database and removing them once a session is expired.
+
+## Advantages
+
+- Access token revocation is istantaneous, each token is linked to a session and if the session is recoked (on logout or device kick) the access token is also invalidated. Auth middleware does not make a query to the database on each verification and instead keeps an in-memory cache of revoked sessions to be able to instantaneosly verify the token. Though the cache is in-memory all revoked sessions are also stored in the database till their expiration, this allows to recover them in case the server goes down.
+- **Total control over your data**. All TypeORM entities are exported, which means that you can access your data from external TypeScript applications. 

package/lib/Entities/OTP.d.ts

@@ -1,10 +1,10 @@
-import { BaseEntity } from 'typeorm';
-import { User } from './User';
-export declare class OTP extends BaseEntity {
-    code: string;
-    setCode(): void;
-    scope: string;
-    expiration: number;
-    user_id: string;
-    user: User;
-}
+import { BaseEntity } from 'typeorm';
+import { User } from './User';
+export declare class OTP extends BaseEntity {
+    code: string;
+    setCode(): void;
+    scope: string;
+    expiration: number;
+    user_id: string;
+    user: User;
+}

package/lib/Entities/OTP.js

@@ -1,48 +1,48 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OTP = void 0;
-const typeorm_1 = require("typeorm");
-const User_1 = require("./User");
-const nanoid_1 = require("nanoid");
-const randomOtp = (0, nanoid_1.customAlphabet)('1234567890', 6);
-let OTP = class OTP extends typeorm_1.BaseEntity {
-    setCode() {
-        this.code = randomOtp();
-    }
-};
-__decorate([
-    (0, typeorm_1.PrimaryColumn)({
-        name: 'code',
-        type: 'varchar',
-        length: 6,
-    })
-], OTP.prototype, "code", void 0);
-__decorate([
-    (0, typeorm_1.BeforeInsert)()
-], OTP.prototype, "setCode", null);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], OTP.prototype, "scope", void 0);
-__decorate([
-    (0, typeorm_1.Column)({
-        type: 'bigint',
-        default: () => Date.now().toFixed(0),
-    })
-], OTP.prototype, "expiration", void 0);
-__decorate([
-    (0, typeorm_1.Column)({ name: 'user_id', type: 'text' })
-], OTP.prototype, "user_id", void 0);
-__decorate([
-    (0, typeorm_1.ManyToOne)(() => User_1.User, { nullable: false }),
-    (0, typeorm_1.JoinColumn)({ name: 'user_id' })
-], OTP.prototype, "user", void 0);
-OTP = __decorate([
-    (0, typeorm_1.Entity)()
-], OTP);
-exports.OTP = OTP;
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OTP = void 0;
+const typeorm_1 = require("typeorm");
+const User_1 = require("./User");
+const nanoid_1 = require("nanoid");
+const randomOtp = (0, nanoid_1.customAlphabet)('1234567890', 6);
+let OTP = class OTP extends typeorm_1.BaseEntity {
+    setCode() {
+        this.code = randomOtp();
+    }
+};
+__decorate([
+    (0, typeorm_1.PrimaryColumn)({
+        name: 'code',
+        type: 'varchar',
+        length: 6,
+    })
+], OTP.prototype, "code", void 0);
+__decorate([
+    (0, typeorm_1.BeforeInsert)()
+], OTP.prototype, "setCode", null);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], OTP.prototype, "scope", void 0);
+__decorate([
+    (0, typeorm_1.Column)({
+        type: 'bigint',
+        default: () => Date.now().toFixed(0),
+    })
+], OTP.prototype, "expiration", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'user_id', type: 'text' })
+], OTP.prototype, "user_id", void 0);
+__decorate([
+    (0, typeorm_1.ManyToOne)(() => User_1.User, { nullable: false }),
+    (0, typeorm_1.JoinColumn)({ name: 'user_id' })
+], OTP.prototype, "user", void 0);
+OTP = __decorate([
+    (0, typeorm_1.Entity)()
+], OTP);
+exports.OTP = OTP;

package/lib/Entities/Session.d.ts

@@ -1,10 +1,10 @@
-import { BaseEntity } from 'typeorm';
-import { User } from './User';
-export declare class Session extends BaseEntity {
-    session_id: string;
-    user_id: string;
-    user: User;
-    user_agent: string;
-    version: number;
-    last_used: string;
-}
+import { BaseEntity } from 'typeorm';
+import { User } from './User';
+export declare class Session extends BaseEntity {
+    session_id: string;
+    user_id: string;
+    user: User;
+    user_agent: string;
+    version: number;
+    last_used: string;
+}

package/lib/Entities/Session.js

@@ -1,36 +1,36 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Session = void 0;
-const typeorm_1 = require("typeorm");
-const User_1 = require("./User");
-let Session = class Session extends typeorm_1.BaseEntity {
-};
-__decorate([
-    (0, typeorm_1.PrimaryGeneratedColumn)('uuid')
-], Session.prototype, "session_id", void 0);
-__decorate([
-    (0, typeorm_1.Column)({ name: 'user_id', type: 'text' })
-], Session.prototype, "user_id", void 0);
-__decorate([
-    (0, typeorm_1.ManyToOne)(() => User_1.User, { nullable: false }),
-    (0, typeorm_1.JoinColumn)({ name: 'user_id' })
-], Session.prototype, "user", void 0);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], Session.prototype, "user_agent", void 0);
-__decorate([
-    (0, typeorm_1.Column)('int')
-], Session.prototype, "version", void 0);
-__decorate([
-    (0, typeorm_1.Column)('bigint')
-], Session.prototype, "last_used", void 0);
-Session = __decorate([
-    (0, typeorm_1.Entity)()
-], Session);
-exports.Session = Session;
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Session = void 0;
+const typeorm_1 = require("typeorm");
+const User_1 = require("./User");
+let Session = class Session extends typeorm_1.BaseEntity {
+};
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('uuid')
+], Session.prototype, "session_id", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'user_id', type: 'text' })
+], Session.prototype, "user_id", void 0);
+__decorate([
+    (0, typeorm_1.ManyToOne)(() => User_1.User, { nullable: false }),
+    (0, typeorm_1.JoinColumn)({ name: 'user_id' })
+], Session.prototype, "user", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], Session.prototype, "user_agent", void 0);
+__decorate([
+    (0, typeorm_1.Column)('int')
+], Session.prototype, "version", void 0);
+__decorate([
+    (0, typeorm_1.Column)('bigint')
+], Session.prototype, "last_used", void 0);
+Session = __decorate([
+    (0, typeorm_1.Entity)()
+], Session);
+exports.Session = Session;

package/lib/Entities/TempToken.d.ts

@@ -1,5 +1,5 @@
-import { BaseEntity } from 'typeorm';
-export declare class TempToken extends BaseEntity {
-    token: string;
-    expires: number;
-}
+import { BaseEntity } from 'typeorm';
+export declare class TempToken extends BaseEntity {
+    token: string;
+    expires: number;
+}

package/lib/Entities/TempToken.js

@@ -1,22 +1,22 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TempToken = void 0;
-const typeorm_1 = require("typeorm");
-let TempToken = class TempToken extends typeorm_1.BaseEntity {
-};
-__decorate([
-    (0, typeorm_1.PrimaryColumn)('text')
-], TempToken.prototype, "token", void 0);
-__decorate([
-    (0, typeorm_1.Column)('bigint')
-], TempToken.prototype, "expires", void 0);
-TempToken = __decorate([
-    (0, typeorm_1.Entity)()
-], TempToken);
-exports.TempToken = TempToken;
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TempToken = void 0;
+const typeorm_1 = require("typeorm");
+let TempToken = class TempToken extends typeorm_1.BaseEntity {
+};
+__decorate([
+    (0, typeorm_1.PrimaryColumn)('text')
+], TempToken.prototype, "token", void 0);
+__decorate([
+    (0, typeorm_1.Column)('bigint')
+], TempToken.prototype, "expires", void 0);
+TempToken = __decorate([
+    (0, typeorm_1.Entity)()
+], TempToken);
+exports.TempToken = TempToken;

package/lib/Entities/User.d.ts

@@ -1,9 +1,9 @@
-import { BaseEntity } from 'typeorm';
-export declare class User extends BaseEntity {
-    user_id: string;
-    first_name: string;
-    last_name: string;
-    email: string;
-    password: string;
-    email_verified: boolean;
-}
+import { BaseEntity } from 'typeorm';
+export declare class User extends BaseEntity {
+    user_id: string;
+    first_name: string;
+    last_name: string;
+    email: string;
+    password: string;
+    email_verified: boolean;
+}

package/lib/Entities/User.js

@@ -1,34 +1,34 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.User = void 0;
-const typeorm_1 = require("typeorm");
-let User = class User extends typeorm_1.BaseEntity {
-};
-__decorate([
-    (0, typeorm_1.PrimaryGeneratedColumn)('uuid')
-], User.prototype, "user_id", void 0);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], User.prototype, "first_name", void 0);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], User.prototype, "last_name", void 0);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], User.prototype, "email", void 0);
-__decorate([
-    (0, typeorm_1.Column)('text')
-], User.prototype, "password", void 0);
-__decorate([
-    (0, typeorm_1.Column)({ name: 'email_verified', type: 'boolean', default: false })
-], User.prototype, "email_verified", void 0);
-User = __decorate([
-    (0, typeorm_1.Entity)()
-], User);
-exports.User = User;
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User = void 0;
+const typeorm_1 = require("typeorm");
+let User = class User extends typeorm_1.BaseEntity {
+};
+__decorate([
+    (0, typeorm_1.PrimaryGeneratedColumn)('uuid')
+], User.prototype, "user_id", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], User.prototype, "first_name", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], User.prototype, "last_name", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], User.prototype, "email", void 0);
+__decorate([
+    (0, typeorm_1.Column)('text')
+], User.prototype, "password", void 0);
+__decorate([
+    (0, typeorm_1.Column)({ name: 'email_verified', type: 'boolean', default: false })
+], User.prototype, "email_verified", void 0);
+User = __decorate([
+    (0, typeorm_1.Entity)()
+], User);
+exports.User = User;

package/lib/controllers/change_password.d.ts

@@ -1,3 +1,3 @@
-import { Request, Response } from 'express';
-export declare const get: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
-export declare const post: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
+import { Request, Response } from 'express';
+export declare const get: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
+export declare const post: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;

package/lib/controllers/change_password.js

@@ -1,58 +1,59 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.post = exports.get = void 0;
-const User_1 = require("../Entities/User");
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const mail_1 = require("../services/mail");
-const bcryptjs_1 = __importDefault(require("bcryptjs"));
-const Session_1 = require("../Entities/Session");
-const TempToken_1 = require("../services/TempToken");
-const get = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
-    const user = yield User_1.User.findOne({ email: req.params.email });
-    if (!user) {
-        return res.sendStatus(404);
-    }
-    const token = jsonwebtoken_1.default.sign({ user_id: user.user_id }, process.env.CHANGE_PASSWORD_TOKEN_KEY, { expiresIn: '2h' });
-    const email = new mail_1.ChangePasswordMail(user, (process.env.PROTONFILE_AUTH_APP_URL || '') + '/change_password/' + token);
-    yield email.send();
-    res.sendStatus(200);
-});
-exports.get = get;
-const post = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        const token = jsonwebtoken_1.default.verify(req.body.token, process.env.CHANGE_PASSWORD_TOKEN_KEY);
-        if (typeof token === 'string') {
-            throw 'token malformed';
-        }
-        const temptoken = new TempToken_1.TempTokenService(req.body.token, token.exp || 0);
-        if (!(yield temptoken.isValid())) {
-            throw 'token expired';
-        }
-        const user = yield User_1.User.findOne({ user_id: token.user_id });
-        if (!user) {
-            return res.sendStatus(404);
-        }
-        User_1.User.update({ user_id: token.user_id }, { password: yield bcryptjs_1.default.hash(req.body.password, 10) });
-        if (req.body.revoke_all) {
-            yield Session_1.Session.delete({ user_id: user.user_id });
-        }
-        yield temptoken.invalidate();
-        res.sendStatus(200);
-    }
-    catch (err) {
-        res.sendStatus(500);
-    }
-});
-exports.post = post;
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.post = exports.get = void 0;
+const User_1 = require("../Entities/User");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const Session_1 = require("../Entities/Session");
+const TempToken_1 = require("../services/TempToken");
+const get = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
+    const user = yield User_1.User.findOne({ where: { email: req.params.email } });
+    if (!user) {
+        return res.sendStatus(404);
+    }
+    const token = jsonwebtoken_1.default.sign({ user_id: user.user_id }, process.env.CHANGE_PASSWORD_TOKEN_KEY, { expiresIn: '2h' });
+    const ums = req.ums;
+    ums.send('change_password', { user, token });
+    res.sendStatus(200);
+});
+exports.get = get;
+const post = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
+    const temptoken = new TempToken_1.TempTokenService(req.body.token, 0);
+    try {
+        const token = jsonwebtoken_1.default.verify(req.body.token, process.env.CHANGE_PASSWORD_TOKEN_KEY);
+        if (typeof token === 'string') {
+            throw 'token malformed';
+        }
+        temptoken.setExpiration(token.exp || 0);
+        if (!(yield temptoken.isValid())) {
+            throw 'token expired';
+        }
+        const user = yield User_1.User.findOne({ where: { user_id: token.user_id } });
+        if (!user) {
+            return res.sendStatus(404);
+        }
+        yield User_1.User.update({ user_id: token.user_id }, { password: yield bcryptjs_1.default.hash(req.body.password, 10) });
+        if (req.body.revoke_all) {
+            yield Session_1.Session.delete({ user_id: user.user_id });
+        }
+        yield temptoken.invalidate();
+        res.sendStatus(200);
+    }
+    catch (err) {
+        res.sendStatus(500);
+    }
+    temptoken.close();
+});
+exports.post = post;

package/lib/controllers/login.d.ts

@@ -1,3 +1,3 @@
-import { Request, Response } from 'express';
-declare const _default: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
-export default _default;
+import { Request, Response } from 'express';
+declare const _default: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
+export default _default;

package/lib/controllers/login.js

@@ -1,40 +1,40 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const bcryptjs_1 = __importDefault(require("bcryptjs"));
-const auth_1 = require("../services/auth");
-const User_1 = require("../Entities/User");
-exports.default = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        const { email, password } = req.body;
-        if (!(email && password)) {
-            return res.status(400).send('All input is required');
-        }
-        const user = yield User_1.User.findOne({ email });
-        if (!user) {
-            return res.status(404).send('User not found');
-        }
-        if (!user.email_verified)
-            return res.status(403).send('Email verification required');
-        if (user && (yield bcryptjs_1.default.compare(password, user.password))) {
-            // Create token
-            const token = yield (0, auth_1.performLogin)(req, res, user);
-            return res.status(200).json(Object.assign(Object.assign({}, user), { token }));
-        }
-        res.status(400).send('Invalid Credentials');
-    }
-    catch (err) {
-        console.log(err);
-    }
-});
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const auth_1 = require("../services/auth");
+const User_1 = require("../Entities/User");
+exports.default = (req, res) => __awaiter(void 0, void 0, void 0, function* () {
+    try {
+        const { email, password } = req.body;
+        if (!(email && password)) {
+            return res.status(400).send('All input is required');
+        }
+        const user = yield User_1.User.findOne({ where: { email } });
+        if (!user) {
+            return res.status(404).send('User not found');
+        }
+        if (!user.email_verified)
+            return res.status(403).send('Email verification required');
+        if (user && (yield bcryptjs_1.default.compare(password, user.password))) {
+            // Create token
+            const token = yield (0, auth_1.performLogin)(req, res, user);
+            return res.status(200).json(Object.assign(Object.assign({}, user), { token }));
+        }
+        res.status(400).send('Invalid Credentials');
+    }
+    catch (err) {
+        console.log(err);
+    }
+});

package/lib/controllers/logout.d.ts

@@ -1,3 +1,3 @@
-import { Request, Response } from 'express';
-declare const _default: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
-export default _default;
+import { Request, Response } from 'express';
+declare const _default: (req: Request, res: Response) => Promise<Response<any, Record<string, any>> | undefined>;
+export default _default;